check before: 2025-11-01
Product:
Entra, Microsoft 365 Apps
Platform:
Online, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Summary:
Between November 2025 and February 2026, Microsoft Baseline Security Mode automatically created two disabled draft Entra Conditional Access policies in some tenants. This is not a security issue, requires no action, and a fix will remove unintended drafts and prevent automatic creation.
Details:
Problem detected: Microsoft Baseline Security Mode has automatically triggers Entra Conditional Access policy creation
Customers who accessed Baseline Security Mode in Microsoft 365 between November 2025 and early February 2026 might see two draft Microsoft Entra ID Conditional Access policies created in their tenant in a Disabled state. These policies are associated with Baseline Security Mode and might appear as created by the administrator who signed in to the Microsoft Baseline Security Mode page.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2026-03-19
updated:
2026-03-19
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Unintended Policy Creation
Automatic creation of two disabled draft Entra Conditional Access policies may confuse administrators and lead to mismanagement of security settings.
- roles: IT Administrators, Security Officers
- references: https://learn.microsoft.com/en-us/microsoft-365/baseline-security-mode/baseline-security-mode-settings?view=o365-worldwide
User Experience Disruption
Although the policies are disabled, their presence may lead to unnecessary inquiries and concerns from users about security changes, impacting user trust.
- roles: End Users, Helpdesk Support
- references: https://learn.microsoft.com/en-us/microsoft-365/baseline-security-mode/baseline-security-mode-settings?view=o365-worldwide
Configutation Options**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 1 week ago ago
